b'                                                                         Office of Inspector General\n\n                                                                        U.S. Department of Homeland Security\n                                                                        Washington, DC 20528\n\n\n\n\n                                 Office of Inspector General\n                Evaluation of DHS\xe2\x80\x99 Security Program for Its Intelligence Systems\n                                          OIG-05-04\n\nThe E-Government Act (Public Law 107-347) passed by the 107th Congress and signed into law by the\nPresident on December 17, 2002, recognized the importance of information security to the economic and\nnational security interests of the United States. Title III of the E-Government Act, entitled the Federal\nInformation Security Management Act (FISMA), requires each federal agency to develop, document,\nand implement an agency-wide security program. The agency\xe2\x80\x99s security program should provide\nsecurity for the information and the information systems that support the operations and assets of the\nagency, including those provided or managed by another agency, contractor, or other source.\n\nThe OIG performed an independent evaluation of DHS\xe2\x80\x99 security program for its intelligence systems as\nrequired by FISMA. The overall objective of our evaluation was to identify whether DHS\xe2\x80\x99 information\nsecurity program and practices for its intelligence systems were adequate and effective in protecting the\ninformation from unauthorized access, use, disclosure, disruption, modification, or destruction. We\nperformed our work at the program and organizational component levels, focusing on DHS\xe2\x80\x99 compliance\nwith FISMA for its intelligence systems containing Top Secret/Special Compartmented Information, and\nin operation as of May 1, 2004. We also performed vulnerability assessments and tests of security\ncontrols for a sample of five DHS intelligence systems. Furthermore, we evaluated DHS\xe2\x80\x99 Plan of\nAction and Milestones process for its intelligence systems and assessed DHS\xe2\x80\x99 security training program.\n\nOur review was conducted between April 2004 and July 2004 and represents a baseline evaluation of\nDHS\xe2\x80\x99 intelligence program according to FISMA. We recommended that DHS take certain steps to: (1)\nprovide adequate security for the information and information systems that support its intelligence\noperations and assets; and (2) ensure the confidentiality, integrity, and availability of vital intelligence\ninformation. DHS concurred with our recommendations. We are posting only this summary on the OIG\nwebsite because the report contains classified information and should not, consequently, be widely\ndisseminated. This report contains additional administrative issues and recommendations that were not\nmade a part of OIG-04-34.\n\x0c'